CVE-2023-5138 – Glitch detection not active by default in Silicon Labs Secure Vault High devices
https://notcve.org/view.php?id=CVE-2023-5138
Glitch detection is not enabled by default for the Cortex-M33 core in Silicon Labs Secure Vault High parts EFx32xG2xB, except EFR32xG21B. • https://community.silabs.com/069Vm0000004f6DIAQ https://github.com/SiliconLabs/gecko_sdk • CWE-909: Missing Initialization of Resource CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI)
CVE-2023-4280 – Unvalidated input in Silicon Labs TrustZone implementation leads to accessing Trusted memory region
https://notcve.org/view.php?id=CVE-2023-4280
An unvalidated input in the Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. • https://community.silabs.com/069Vm0000004NinIAE https://github.com/SiliconLabs/gecko_sdk • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write
CVE-2023-41097 – Potential Timing vulnerability in CBC PKCS7 padding calculations
https://notcve.org/view.php?id=CVE-2023-41097
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows a Padding Oracle Crypto Attack on CBC PKCS7. This issue affects GSDK through 4.4.0. • https://github.com/SiliconLabs/gecko_sdk/releases https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000007rArIAI?operationContext=S1 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel
CVE-2023-4020 – Unvalidated input in Silicon Labs PSA Attestation service leads to secure memory access from non-secure memory
https://notcve.org/view.php?id=CVE-2023-4020
An unvalidated input in a library function responsible for communicating between secure and non-secure memory in the Silicon Labs TrustZone implementation allows reading/writing of memory in the secure region of memory from the non-secure region of memory. • https://community.silabs.com/069Vm0000004b95IAA https://github.com/SiliconLabs/gecko_sdk/releases • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write
CVE-2023-5310 – Z-Wave Denial of Service caused by Stream of Packets
https://notcve.org/view.php?id=CVE-2023-5310
A denial of service vulnerability exists in all Silicon Labs Z-Wave controller and endpoint devices running Z-Wave SDK v7.20.3 (Gecko SDK v4.3.3) and earlier. This attack can be carried out only by devices on the network sending a stream of packets to the device. • https://github.com/SiliconLabs/gecko_sdk/releases https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/069Vm0000005E7EIAU?%20operationContext=S1 • CWE-248: Uncaught Exception CWE-754: Improper Check for Unusual or Exceptional Conditions